Comment Number: 531096-00028
Received: 8/2/2007 2:12:19 PM
Organization:
Commenter: not important
State: Outside the United States
Agency: Federal Trade Commission
Rule: Private Sector Use of SSNs
No Attachments

Comments:

SSN (or alternate similar identification numbers like the EIN) is just that: a number identifying somebody. All uses of it to authenticate are the base of the problem. The best approach is to ban all use of SSNs as authentication means by publishing the entire list on a certain date, forcing all other users to switch to a better system than a number that cannot be changed, that gets accidentally disclosed all the time, etc. To support businesses: build a real authentication scheme where you e.g. issue smartcards containing private/public keypairs such as the E-ID project in Belgium.